Smart-Card Implementation of Elliptic Curve Cryptography and DPA-Type Attacks

  • Marc Joye
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 153)

Abstract

This paper analyzes the resistance of smart-card implementations of elliptic curve cryptography against side-channel attacks, and more specifically against attacks using differential power analysis (DPA) and variants thereof. The use of random curve isomorphisms is a promising way (in terms of efficiency) of thwarting DPA-type attacks on elliptic curve cryptosystems, but its implementation needs care.

Various generalized DPA-type attacks are presented against improper implementations. Namely, a second-order DPA-type attack is mounted against an additive variant of randomized curve isomorphisms and a “refined” DPA-type attack against a more general variant. Of independent interest, this paper also provides an exact analysis of second-order DPA-type attacks.

Keywords

Smart-card implementations, elliptic curve cryptography, side-channel analysis, DPA-type attacks

Copyright information

© Springer Science + Business Media, Inc. 2004

Authors and Affiliations

  • Marc Joye (1)
  1. Card Security Group, La Vigie, Gemplus, La Ciotat Cedex, France
